SOC FOR CYBERSECURITY
The AICPA’s guide on Reporting on an Entity’s Cybersecurity Risk Management Program and Controls (the cybersecurity guide) is used in performing a SOC for Cybersecurity examination. The AICPA defines a Cybersecurity Risk Management Program as the “policies, procedures, and controls designed to protect information and systems from security events that could compromise the achievement of the entity’s cybersecurity objectives; and to detect, respond, mitigate, and recover from security events that are not prevented in a timely manner” (AICPA). The description criteria for a SOC for Cybersecurity examination are categorized into nine sections:
- Nature of business and operations
- Nature of Information at risk
- Cybersecurity Risk Management Program objectives
- Factors that have a significant effect on inherent cybersecurity risks
- Cybersecurity risk governance structure
- Cybersecurity risk assessment process
- Cybersecurity communications and the quality of cybersecurity information
- Monitoring of the Cybersecurity Risk Management Program
- Cybersecurity control processes
SOC for Cybersecurity, Type I Examination
A Type I examination provides an opinion on whether the description of the Cybersecurity Risk Management Program system fairly represents the design of the controls in place to meet service commitments and system requirements for a Cybersecurity Risk Management Program. A SOC for Cybersecurity Type I examination is performed as of a point in time. The distribution of a SOC for Cybersecurity, Type I report is restricted.
SOC 2, Type II Examination
A Type II examination provides an opinion on whether the description of the Cybersecurity Risk Management Program is fairly represented and whether the controls designed are operating effectively to meet service commitments and system requirements for the Cybersecurity Risk Management Program. A SOC for Cybersecurity Type II examination is performed over a period of time called a service period. The distribution of a SOC for Cybersecurity, Type II report is restricted.
SOC for Cybersecurity Benefits
- Work with an expert to gain valuable insight on cybersecurity risk management best practices and regulations
- Demonstrate your cyber resiliency through SOC certification for your Cybersecurity Risk Management Program
To learn more about our SOC for Cybersecurity services, reach out and speak to a SOC2 Services expert today!